Jump to content

Uploading large files via FTP/security quesiton


falkencreative

Recommended Posts

Quick question for you all... I have a client who wants me to build a basic file manager into the CodeIgniter powered administrative backend I built her a couple months ago. The admin user would have the ability to upload files, and the various users would be able to log in and download the files the admin uploads. Each file would need to be associated with a specific user, and (ideally) the user should only be able to view/download files that are associated with them.

 

That isn't really a problem -- I could easily handle that task. However, it seems that the client will be uploading large ZIP files using this tool that will be between 50-100 MB, and my impression is that it would be significantly faster/potentially more efficient to upload those files using FTP.

 

It seems I have two main options:

 

A : All files would be uploaded using the administrative tool to one specific "uploads" folder. This would allow me to keep the files organized in a database and associate each file with a specific user or store additional info about the file, as well as create a file wrapper that would prevent users from downloading a file if they didn't have the correct permissions. The downside would be that FTPing the file to the server would not be possible.

 

B : Files would be organized in a folder structure, and the folder that the file was in would determine which user the file was related to. Rather than storing file info in a database, PHP would simply list all available files in the specific folder. This would allow the admin to FTP files if necessary, but could have some security risks since I'm not sure there would be any way of stopping a non-authorized user from downloading files if they knew the exact URL. I'm not THAT concerned about security, since the documents aren't super sensitive, but I'm just trying to consider all options and it's something to consider.

 

Any thoughts? Suggestions? Any way that I could combine options A and B so that I could upload files via FTP but still preserve security?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...